<?php
	# Class: HTML Sanitizer
	# -----------------------------------------
	# Use to sanitize the input. Can handle both BBCode and normal HTML.
	# This does not use regular expression, so increasing the speed.

	class Joob_Utils_Sanitizer	{
		
		# Allowed tags
		private static $tags=array( 
			"a","b","center","i","u","br","p","h1","h2","h3","h4","h5","h6","ul","li","url","img","code","small","big","tab","quote","sub","sup","link","image"
		);
		
		# The text
		private static $text,$ftext;
		
		# Security Mode. When set to true, the sanitizer will
		# return emty string or an alert to notify potential attack.
		private static $smode=true;
		
		# Allow multiple new line (prepareably not).
		private static $allow_new_lines=false;
		
		# Other data.
		private static $last_tag, $last_word;
		private static $style="";
		
		
		private static $ext_lib=0;
		private static $san;
		
		
		function __construct(){
		}
		

		# Function: set()
		# -------------------------------------
		# Setting the text.
		public static function set($text,$style=''){
			self::$text=$text;
			self::$ftext="";
			self::$style=$style;
			self::process();
			return self::$text;
		}
	
		
		# Function: sanitize()
		# -------------------------------------
		# This is actually an alias of set.
		
		public static function sanitize($text,$style=''){
			return self::set($text,$style);
		}
		
		
		
		# Function: sanitizeEditor()
		# ------------------------------------
		# Sanitize the input data set by editor, when input style allowed.
		
		public static function sanitizeEditor($data){
			$data=str_replace(array("'"),array('&#39;'),$data);
		
			if (self::$ext_lib==0){
				require_once("sanitizer.html.php");
				self::$san=new HTML_Sanitizer();
			}
			
			self::$san->allowStyle();
			
			return self::$san->sanitize($data);
		}
		
		
		
		# Function: form()
		# -------------------------------------
		# Turn back html to form input. This is just to handle
		# new line.
		
		public static function form($text){
			$s=array("<br>","'","\\'",'\"','}','{');
			$r=array("\n","'","'",'"','&#125;','&#123;');
			return str_replace($s,$r,$text);
		}
		
		
		# Function: formjs()
		# -------------------------------------
		# Turn back html to form input. This is just to handle
		# new line.
		
		public static function formjs($text){
			$s=array("<br>","&#39;","&#34;",'}','{');
			$r=array("\n","'",'"','&#125;','&#123;');
			$text=str_replace($s,$r,$text);
			return "(<r><![CDATA[$text abcd]]></r>).toString()";
		}
		
		
		# Function: nohtml()
		# -------------------------------------
		# Strips all tags
	
		public static function nohtml($text){
			$text=strip_tags($text);
			$danger=array('<','>',"\n",'\\','\'','"','  ');
			$safe=array('&lt;','&gt;',' ','&#92;','&#39;','&#34;',' ');
			return str_ireplace($danger,$safe,$text);
		}
	
	
		# Function: process()
		# -------------------------------------
		# Process the initial data.
		 
		private static function process(){
			self::$text=trim(self::$text);
			
			$html=array(); $bb=array();
			for ($i=0; $i<count(self::$tags); $i++){
				$html[]="<".self::$tags[$i].">";
				$html[]="</".self::$tags[$i].">";
				$bb[]="[".self::$tags[$i]."]";
				$bb[]="[/".self::$tags[$i]."]";
			}
			
			# Adding White Spaces
			if (self::$style!='html' && self::$style!='editor'){ # If text is html editor, then no need to add white space.
				$html[]="\n";
				$bb[]="[br]";
			}
			
			# Step 1. Turn HTML to become purely BBCode. We will turn it
			# back to HTML later.
			self::$text=str_ireplace($html,$bb,self::$text);
			
			# Step 2. Turn all potential tag (with <) to safe tag.
			$danger=array('<','>',"\n",'\\','\'','"','@','|',':');
			$safe=array('&lt;','&gt;','','&#92;','&#39;','&#34;','&#64;','&#124;','&#58;');
			self::$text=str_ireplace($danger,$safe,self::$text);
			
			# Step 3. Replace helper tags to the correct tags.
			$close=array('[/br]','[link]','[/link]','[image]','[/image]','[url]','[/url]');
			$safe=array('[br]','[a]','[/a]','[img]','[/img]','[a]','[/a]');
			self::$text=str_ireplace($danger,$safe,self::$text);
			
			# Step 4. Replace simple tags back to html. At this step, the
			# html is safe.
			self::$text=str_ireplace($bb,$html,self::$text);
			
			# Step 5. parseBack
			self::parseBack();
		}
		
		
		# Function: parseBack()
		# ---------------------------------------
		# Parse back to HTML. This is ready to be saved in the database. We
		# have to do so to handle elements that require attribute such as img, a.
		
		private static function parseBack(){
			$tokens=Joob_Utils_Word::split("[",self::$text);
			for ($i=0; $i<count($tokens); $i++){
				$tok=$tokens[$i];
				self::parseToken($tok,$i,$tokens);
			}
		}
		
		
		# Function: parseToken($tok)
		# -----------------------------------------
		# Parse a single token. The result will be then added to $ftext;
		
		private static function parseToken($tok,$k,&$tokens){
			
		}
		
	}
?>